Technical Analysis of Copybara
Aug. 22, 2024, 6:52 p.m.
Description
This report presents a comprehensive technical analysis of a newly discovered variant of the Copybara Android malware. The malware, which emerged in November 2021, is primarily spread through voice phishing attacks. It utilizes the MQTT protocol for command-and-control communication and abuses Android's Accessibility Service to exert control over infected devices. The malware downloads phishing pages mimicking cryptocurrency exchanges and financial institutions to steal user credentials. The analysis covers 59 supported commands with detailed functionality descriptions, providing valuable insights into the malware's capabilities.
Tags
Date
- Created: Aug. 22, 2024, 6:16 p.m.
- Published: Aug. 22, 2024, 6:16 p.m.
- Modified: Aug. 22, 2024, 6:52 p.m.
Indicators
Attack Patterns
- Copybara
- T1600.001
- T1592.001
- T1600
- T1592.002
- T1548.002
- T1537
- T1583
- T1548
- T1530
- T1497
- T1518.001
- T1518
- T1496
- T1498
- T1592